Required reading: Carrier IQ around the web

Our mantra around here is that you should aways start and end your day with Android Central -- we're the center of the Android Universe, after all. But when we're not busy stroking our own egos, we're busy stroking other people's and reading everything we can get our hands on. And there's been some damn fine work regarding the Carrier IQ saga from people we respect that you must read. Here's a recap:

Lance Ulanoff, Mashable: "From the moment I read about Carrier IQ’s explanation about what its software does and watched this video, I recognized it as pretty much run-of-the-mill debugging and diagnostic software."

Paul Thurrott, WinSuperSite.com: "Trevor Eckhart is many things, perhaps, but he's not a security researcher. ... His accusations set off an incredible torrent of news and recriminations, especially for Carrier IQ, the company that makes the eponymously named software. But I'm pretty sure almost all of this is baloney."

Rene Ritchie, TiPb: "Does that mean it’s wrong to feel violated? Certainly not, but right now a lot of the attention is being focused on Carrier IQ and that’s a lot like blaming a gun — what you really want is the shooter. It’s the carriers and the manufacturers who are implementing Carrier IQ."

Sean Hollister and Dieter Bohn, The Verge (extended interview): "Other technical details — including how exactly Carrier IQ stores and transmits its data and how carriers utilize it — are both comforting and disquieting by turns. ... At the very least, how Carrier IQ’s software is implemented on various devices needs wider scrutiny from both security experts and regulators."

Take some time and give 'em a read. You'll be smarter for it.

Reader comments

Required reading: Carrier IQ around the web

CarrierIQ can breed unicorns and the carriers can give fairies wings. I am not comfortable with a third party grabbing data from my device and storing it without my consent because my carrier wants them to. Either ask me to opt in and give me a discount on your service or leave me be.

Isn't ironic that AT&T, Sprint, and T-Mobile all run this software but haven't seen a large improvement in service. Wouldn't they just be better stacking up all that cash they give to CarrierIQ and burning it outside the office? I haven't noticed one change since I have had my carrier since 2001.

What i'd like to know is, if the log he found that spits out all our texts, urls, seaches, etc is accessible to him to show us.. can someone write an app that can also access this log and extract that information?

Anyone who installs a data logger program onto my phone. Then 'pulling' that data (including my banking information) up to a supposed 'Secure' location, is purely evil. It has to be stored, for a certain amount of time. Seconds, minutes, days, who cares? That's not the point. Sony thought their data was secure too! Then add https:// not working in this situation either?

Now add all the 'non' CarrierIQ Carriers crying: "We don't have CarrierIQ on our handsets!". . . . Then what do you have on 'Our' phones? That we don't know about yet.

Also add, all this happening while on YOUR own Private Wi-fi network! It's just to much. They can't even say now: "Well, it's on 'Our' network."

This whole thing would have never blown up if the carriers were more up front about it, and did a better job of disclosing what it is and what it does at the point of sale. A simple one page disclosure document that the customer signs at the time they sign a new contract.

But no, they were probably scared that doing so would effect sales and reduce new customer acquisition. Nor did they want to include an opt-out feature because it would mean paying for the software on a device that goes unused, probably knowing that most people would opt-out by default without even reading what it does.

I don't really have a beef with Carrier IQ. I have a beef with the way the carriers handled it's implementation. The carriers should be on the hook for answers here, not the manufacturer who installed it per the requirement of the carrier, and not Carrier IQ, who is simply providing a service.

There's a good chance the worst that is going to come out of this is more government regulation on the carriers, something I'm sure they don't need more of.

Phil I think your missing the point here. I read them all and it's still TERRIBLY WRONG. I am on Sprint this is not on the contract which I signed (and reread for verification) I did not sign on for this and I CAN NOT OPT OUT. That's the elephant in the room. (for anyone that says I can switch carriers... yeah but that's not the point).

Interesting reading, no doubt. I agree with many of their points. Mr. Segan raises an interesting societal issue that is very relevant today and probably plays into the whole issue. Thurrot's piece is amusing in that a Windows Phone homer gives a backhanded compliment to Android in the beginning before getting to the point. But then blows himself out of the water with "Verizon and Sprint-branded handsets are known to be particularly bad offenders" (referring to Windows Phone ROM's). Guess he didn't get the memo that Verizon doesn't use Carrier IQ. Funny how all the comments devolve into the same old stuff we've seen over and over since the whole story broke. Many either need to adjust their tinfoil hats a bit or are wholly naive about the world in which we live.

"I recognized it as pretty much run-of-the-mill debugging and diagnostic software."

But here's the thing: debugging software should not be running on released hardware. There's a reason that specific "debugging" versions of software are produced -- debugging outputs slow down software and make it less efficient. I'd have no problem with carriers running debug software that gets called every time I touch the screen on their test devices, but it has no place on a phone sold at retail.

Also, a point that has been overlooked, with the wealth of information that they are collecting, only half of all devices are on 2.3. Perhaps I could consider a pardon if they were using this extreme diagnostic software to reduce fragmentation, but I'm not seeing it. Updates on a vast majority of devices are implemented extremely slow.